Security Enhanced Anonymous Multiserver Authenticated Key Agreement Scheme Using Smart Cards and Biometrics

An anonymous user authentication scheme allows a user, who wants to access a remote application server, to achieve mutual authentication and session key establishment with the server in an anonymous manner. To enhance the security of such authentication schemes, recent researches combined user'...

Descripción completa

Detalles Bibliográficos
Autores principales: Choi, Younsung, Nam, Junghyun, Lee, Donghoon, Kim, Jiye, Jung, Jaewook, Won, Dongho
Formato: Online Artículo Texto
Lenguaje:English
Publicado: Hindawi Publishing Corporation 2014
Materias:
Research Article
Acceso en línea:https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4170879/
https://www.ncbi.nlm.nih.gov/pubmed/25276847
http://dx.doi.org/10.1155/2014/281305
_version_ 1782335862589095936
author Choi, Younsung
Nam, Junghyun
Lee, Donghoon
Kim, Jiye
Jung, Jaewook
Won, Dongho
author_facet Choi, Younsung
Nam, Junghyun
Lee, Donghoon
Kim, Jiye
Jung, Jaewook
Won, Dongho
author_sort Choi, Younsung
collection PubMed
description An anonymous user authentication scheme allows a user, who wants to access a remote application server, to achieve mutual authentication and session key establishment with the server in an anonymous manner. To enhance the security of such authentication schemes, recent researches combined user's biometrics with a password. However, these authentication schemes are designed for single server environment. So when a user wants to access different application servers, the user has to register many times. To solve this problem, Chuang and Chen proposed an anonymous multiserver authenticated key agreement scheme using smart cards together with passwords and biometrics. Chuang and Chen claimed that their scheme not only supports multiple servers but also achieves various security requirements. However, we show that this scheme is vulnerable to a masquerade attack, a smart card attack, a user impersonation attack, and a DoS attack and does not achieve perfect forward secrecy. We also propose a security enhanced anonymous multiserver authenticated key agreement scheme which addresses all the weaknesses identified in Chuang and Chen's scheme.
format Online
Article
Text
id pubmed-4170879
institution National Center for Biotechnology Information
language English
publishDate 2014
publisher Hindawi Publishing Corporation
record_format MEDLINE/PubMed
spelling pubmed-41708792014-09-28 Security Enhanced Anonymous Multiserver Authenticated Key Agreement Scheme Using Smart Cards and Biometrics Choi, Younsung Nam, Junghyun Lee, Donghoon Kim, Jiye Jung, Jaewook Won, Dongho ScientificWorldJournal Research Article An anonymous user authentication scheme allows a user, who wants to access a remote application server, to achieve mutual authentication and session key establishment with the server in an anonymous manner. To enhance the security of such authentication schemes, recent researches combined user's biometrics with a password. However, these authentication schemes are designed for single server environment. So when a user wants to access different application servers, the user has to register many times. To solve this problem, Chuang and Chen proposed an anonymous multiserver authenticated key agreement scheme using smart cards together with passwords and biometrics. Chuang and Chen claimed that their scheme not only supports multiple servers but also achieves various security requirements. However, we show that this scheme is vulnerable to a masquerade attack, a smart card attack, a user impersonation attack, and a DoS attack and does not achieve perfect forward secrecy. We also propose a security enhanced anonymous multiserver authenticated key agreement scheme which addresses all the weaknesses identified in Chuang and Chen's scheme. Hindawi Publishing Corporation 2014 2014-09-08 /pmc/articles/PMC4170879/ /pubmed/25276847 http://dx.doi.org/10.1155/2014/281305 Text en Copyright © 2014 Younsung Choi et al. https://creativecommons.org/licenses/by/3.0/ This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
spellingShingle Research Article
Choi, Younsung
Nam, Junghyun
Lee, Donghoon
Kim, Jiye
Jung, Jaewook
Won, Dongho
Security Enhanced Anonymous Multiserver Authenticated Key Agreement Scheme Using Smart Cards and Biometrics
title Security Enhanced Anonymous Multiserver Authenticated Key Agreement Scheme Using Smart Cards and Biometrics
title_full Security Enhanced Anonymous Multiserver Authenticated Key Agreement Scheme Using Smart Cards and Biometrics
title_fullStr Security Enhanced Anonymous Multiserver Authenticated Key Agreement Scheme Using Smart Cards and Biometrics
title_full_unstemmed Security Enhanced Anonymous Multiserver Authenticated Key Agreement Scheme Using Smart Cards and Biometrics
title_short Security Enhanced Anonymous Multiserver Authenticated Key Agreement Scheme Using Smart Cards and Biometrics
title_sort security enhanced anonymous multiserver authenticated key agreement scheme using smart cards and biometrics
topic Research Article
url https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4170879/
https://www.ncbi.nlm.nih.gov/pubmed/25276847
http://dx.doi.org/10.1155/2014/281305
work_keys_str_mv AT choiyounsung securityenhancedanonymousmultiserverauthenticatedkeyagreementschemeusingsmartcardsandbiometrics
AT namjunghyun securityenhancedanonymousmultiserverauthenticatedkeyagreementschemeusingsmartcardsandbiometrics
AT leedonghoon securityenhancedanonymousmultiserverauthenticatedkeyagreementschemeusingsmartcardsandbiometrics
AT kimjiye securityenhancedanonymousmultiserverauthenticatedkeyagreementschemeusingsmartcardsandbiometrics
AT jungjaewook securityenhancedanonymousmultiserverauthenticatedkeyagreementschemeusingsmartcardsandbiometrics
AT wondongho securityenhancedanonymousmultiserverauthenticatedkeyagreementschemeusingsmartcardsandbiometrics

Ejemplares similares